The Rise of the Ethical Hacktivist

When Saul Alinsky wrote Rules for Radicals more than four decades ago, the world was a very different place than it is today.

Protests and demonstrations were among the most common tactics for bringing about social change, and they were used on such a broad scale that they helped define the Vietnam War era and counterculture movement of the 1960s and 1970s.

Today there’s a new tool available to those who want to change the world, however, and it’s already brought about results that are at least as dramatic. It’s called “hacking,” and it’s as controversial as its variations are diverse.

“Try to imagine the organization of an event 20 years ago, and compare it with what is happening today,” cybersecurity expert, cybercrime analyst and author Pierluigi Paganini told LinuxInsider. “Just one tweet, a picture, can blow the wind into a revolution.”

What’s ‘Ethical’?

“Hacking,” of course, is a term that has long been fraught with ethical connotations. Often considered synonymous with computerized crime, the term has more recently been broadened to include concepts as far afield as product hacking — essentially, product improvement — and even “life hacking” for better personal productivity and efficiency.

Where things get really interesting, however — as the efforts of Anonymous have illustrated particularly well — is in the distinct and yet related notions of “hacktivism” and “ethical hacking.”

In general usage, the term “ethical hacking” typically is used to mean penetration testing for security-improvement purposes, while “hacktivism” means using computers to bring about political or social change. However, the line separating the two isn’t always entirely clear.

“There are many aspects of this concept,” Rick Falkvinge, founder of the first Pirate Party, Sweden’s Piratpartiet SE, told LinuxInsider.

“First, what is considered ethical can have many layers: Is the penetration testing made within the organization in order to promote better security practices, or is it penetration of a corrupt organization to expose corruption? Both could easily be described as ‘ethical,’” Falkvinge pointed out.

‘We Cannot Ignore Their Voices’

“Since the war in Iraq, hacktivism has been on the rise,” Terry Cutler, a Certified Ethical Hacker and cofounder and chief technology officer of Digital Locksmiths, told LinuxInsider.

From the uprising in Iran to the “Occupy” movement, “tools like Twitter and Facebook were the only way to engage and get their stories out, especially since local media was being blocked,” Cutler explained. “The tools and technology allow these attacks to happen much quicker than before.”

Hacktivism is “the expression of social dissent through hacking,” and it’s growing rapidly, agreed Paganini.

“Media mainly know the name of the collective Anonymous, but behind those masks there are many people, many cultures and countries that daily face different problems,” he explained.

“The common intent is the fight for liberty of expression and free Internet access, but recent revelations have revealed that intelligence agencies monitor everything,” Paganini noted.

“I believe that the hacktivists in the future will pass from the keyboards to the streets,” he added. “We cannot ignore their voices.”

Aaron Swartz’s Legacy

Much of the growth in hacktivism is due to the rise in public awareness of Aaron Swartz over the last year, Yan Zhu, staff technologist with the Electronic Frontier Foundation, told LinuxInsider.

“Aaron spent a lot of his time hacking on projects for social and political change,” Zhu explained, citing the SecureDrop and RECAP projects as examples.

“He embodied the term ‘hacktivist.’ I think his death inspired many people in the free software and activism communities to put more energy into doing likewise,” she said.

In fact, hackathons are increasingly the means through which hacktivist efforts are organized, said Richard Kastelein, entrepreneur, strategist, writer and founder of The Hackfest.

‘It’s the First Step’

“It’s getting more and more common,” Kastelein explained. In addition to a health hackfest being organized by Six Degrees in Brussels in June, Kastelein is working with a UK group to tackle the aging crisis later this year, as well as contributing to a separate effort to help drive innovation and educate developing countries in the Caribbean, he told LinuxInsider.

“There are more and more emerging hackathons around environment, health, LGBT issues and much more,” Kastelein said. “We are finding more and more large brands and corporations want to get involved as sponsors via their CSR departments, and there’s simply more and more companies in sectors such as health that have APIs and even SDKs that are trying to build their own developer communities.”

A key benefit of “‘ethical’ hackathons,” he pointed out, is that they are “part of the process — a larger process — of driving innovation forward that is essential because it takes people from across the spectrum, pushes them together, and in a short time, they are forced to work together in a gamified, competitive atmosphere to build something that can effect change.

“It’s the first step,” said Kastelein. “Ideally, the next step for the great ideas would be bootcamp, incubator, angel investment, VC, etc., or just a lean startup.”

‘Almost Tragic in Some Cases’

Perhaps the biggest downside of hackathons and coordinated hacking efforts is the possibility of losing momentum after the event is over.

“I’m afraid that the short duration of these events encourages people to work on small, fragmented projects that are not necessarily well thought-out,” Zhu said. “It would be great to see more hackathons that bring people together to work on larger, long-term projects, perhaps at regular intervals over the course of a year or so.”

Indeed, “seeing great ideas end after a short-term event is almost tragic in some cases,” Kastelein agreed. “Ideally, we would like to be the initial stage of an ecosystem that further fosters and nurtures those great ideas and moves them into real working products and services.”

On the other hand, “at least the results are made public,” he noted. “We are considering adding in an element that if great ideas fall to the wayside, that we work with the groups in putting their code and concept into open source or Creative Commons mode to allow others to pick up where they left off.”

Currently, all intellectual property is owned by the groups involved according to public hackathon rules and principles globally, Kastelein pointed out.

Analog Equivalents

There seems little doubt that hacktivism is here to stay; still remaining to be sorted out, however, are the legal issues.

Such questions become more clear when you compare digital hacktivism with its equivalents from the analog world, said Piratpartiet’s Falkvinge.

“I would describe the break-in to the FBI of March 8, 1971, that exposed COINTELPRO and numerous other anti-activist methods in light of the Vietnam war as a typical example of pre-Internet ethical hacking,” he suggested.

“Today, the equivalent would be to — illegally — break into a corrupt organization’s servers and copy similarly incriminating documents,” Falkvinge explained. “While today’s powerholders decry such acts, there is little doubt that the break-in of 1971 has been more than justified by the history books, and it certainly caused social change.”

Criminals or Heroes?

The main problem with hacktivism, then, “remains with the legislators and officials who fail to see things in analog-equivalent terms,” Falkvinge said. “If getting documents to a reporter was OK in the pre-Internet age as part of our checks and balances on power, then it has to be OK in the digital age, too.”

Yet “many powerholders freak out at the slightest occurrence of pentesting, even going as far as to punish students who point out security problems in their schools’ IT systems,” he noted. “That’s not proportional, and that’s causing a growing divide of resentment between the offline-borns and the Net generation.”

Looking ahead, “I’d pay attention to this growing divide of resentment and its large-scale social effects,” Falkvinge concluded. “It may manifest itself as a new political power in some countries, as is happening with the nascent Pirate Party movement, or it may manifest itself as an underground culture of people that has different names depending on whom you ask: ‘criminals,’ if you ask the powerholders whose crimes are getting exposed, or ‘hero journalists’ if you ask the average people who are getting news they wouldn’t otherwise.”

Either way, the trend promises to continue.

“We can arrest hackers and hacktivists that violate our networks and that disclose our data,” Paganini said, “but we cannot stop an ideology.”

Terry Cutler is the founder of Digital Locksmiths, Inc. - an IT security and data defense firm based in Montreal - and serves as the company's Chief Technology Officer. Terry is a Certified Ethical Hacker who has learned the mindset of hackers and trained in the techniques of "the bad guys" who seek to do harm to corporations and individuals alike. He is responsible for staying on top of the latest trends in cybersecurity and being an advocate for best practices in the identification and eradication of vulnerabilities that leave the customers of Digital Locksmiths susceptible to the most dangerous threats. Another one of Terry's roles is to be a thought leader for Digital Locksmiths by sharing his expert insights about effective digital security strategies and countermeasures through his writings, speaking engagements, and media interviews.